mirror of
https://github.com/systemd/systemd.git
synced 2024-12-25 01:34:28 +03:00
dissect: disallow empty partition tables
If we don't find a single useful partition table, refuse dissection. (Except in systemd-dissect, when we are supposed to show DDI information; in that case allow this to run and show general DDI information, i.e. size, UUID and name at least.)
parent
dee4a6237a
commit
598fd4da1c
@ -501,7 +501,8 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
arg_flags |= DISSECT_IMAGE_READ_ONLY;
|
||||
/* when dumping image info be even more liberal than otherwise, do not even require a single valid partition */
|
||||
arg_flags |= DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_ALLOW_EMPTY;
|
||||
break;
|
||||
|
||||
case ACTION_MOUNT:
|
||||
|
@ -1485,6 +1485,8 @@ static int dissect_image(
|
||||
}
|
||||
}
|
||||
|
||||
bool any = false;
|
||||
|
||||
/* After we discovered all partitions let's see if the verity requirements match the policy. (Note:
|
||||
* we don't check encryption requirements here, because we haven't probed the file system yet, hence
|
||||
* don't know if this is encrypted or not) */
|
||||
@ -1492,6 +1494,8 @@ static int dissect_image(
|
||||
PartitionDesignator vi, si;
|
||||
PartitionPolicyFlags found_flags;
|
||||
|
||||
any = any || m->partitions[di].found;
|
||||
|
||||
vi = partition_verity_of(di);
|
||||
si = partition_verity_sig_of(di);
|
||||
|
||||
@ -1513,6 +1517,9 @@ static int dissect_image(
|
||||
}
|
||||
}
|
||||
|
||||
if (!any && !FLAGS_SET(flags, DISSECT_IMAGE_ALLOW_EMPTY))
|
||||
return -ENOMSG;
|
||||
|
||||
r = dissected_image_probe_filesystems(m, fd, policy);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -1605,6 +1612,9 @@ static int dissect_log_error(int r, const char *name, const VeritySettings *veri
|
||||
case -ERFKILL:
|
||||
return log_error_errno(r, "%s: image does not match image policy.", name);
|
||||
|
||||
case -ENOMSG:
|
||||
return log_error_errno(r, "%s: no suitable partitions found.", name);
|
||||
|
||||
default:
|
||||
return log_error_errno(r, "Failed to dissect image '%s': %m", name);
|
||||
}
|
||||
|
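Review bot: The new `return -ENOMSG;` after the verity/policy block is a new failure mode for every caller of dissect_image() that does not pass DISSECT_IMAGE_ALLOW_EMPTY, yet the check has no comment explaining the rule. A one-line comment above it would help, for example `/* Refuse images in which not a single partition was found, unless the caller opted in via DISSECT_IMAGE_ALLOW_EMPTY */`. As far as the visible lines show, `any` is set from `m->partitions[di].found` alone, so one found partition of any designator satisfies the check; the comment should not claim that something mountable exists. If the function's header comment lists its error codes, `-ENOMSG` presumably belongs there too. The body of dissect_image() and the loop around `any = any || ...` start and end outside these hunks.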
@ -80,6 +80,7 @@ typedef enum DissectImageFlags {
|
||||
DISSECT_IMAGE_PIN_PARTITION_DEVICES = 1 << 21, /* Open dissected partitions and decrypted partitions and pin them by fd */
|
||||
DISSECT_IMAGE_RELAX_SYSEXT_CHECK = 1 << 22, /* Don't insist that the extension-release file name matches the image name */
|
||||
DISSECT_IMAGE_DISKSEQ_DEVNODE = 1 << 23, /* Prefer /dev/disk/by-diskseq/… device nodes */
|
||||
DISSECT_IMAGE_ALLOW_EMPTY = 1 << 24, /* Allow that no usable partitions is present */
|
||||
} DissectImageFlags;
|
||||
|
||||
struct DissectedImage {
|
||||
|
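Review bot: The comment on `DISSECT_IMAGE_ALLOW_EMPTY` is ungrammatical and does not say what happens without the flag. Something like `/* Don't fail with -ENOMSG if no usable partition is found (without this flag such images are refused) */` would make the fail-closed default visible where the flag is defined. Callers that dissect untrusted images can then see that setting it relaxes a check. The enum starts outside the hunk.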